Can't stop process - filename changes

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I have found that I have a process running that tries to add itself to the
registry. I'm not sure what is starting the process but I cannot stop it.
I can go to the task manager and the process will be listed with a filename
like 'lzwmqmi.exe'. I can end the process, but immediately another process
begins with a different odd looking name (ijaqabyvzvh.exe). I have seen about
10-12 diferent names used and some duplicates.
I can open Windows Explorer, go to the windows/system32 folder and see the
file name listed before stopping the process. I cannot delete the file
because it is in use. If I stop the process in task manager, the file leaves
the windows/system32 folder and the new filename appears as the new process
begins in task manager.
Some process must be running that is not only starting but creating these
odd named "exe' files, but I can't determine what it is. I am running the
Spybot Search & Destroy feature that alerts you when a task is trying to
change the registry. The alerts from Spybot Search & Destroy is how I
discovered these programs where running.
I have run virus scan on the drive with no problems found. I have run both
Spybot Search & Destroy and Ad-Aware and the processes continue.
Any help?

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

On Fri, 6 May 2005 06:00:02 -0700, walker_wd <walker_wd@discussions.microsoft.com> wrote:

>I have found that I have a process running that tries to add itself to the
>registry. I'm not sure what is starting the process but I cannot stop it.
>I can go to the task manager and the process will be listed with a filename
>like 'lzwmqmi.exe'. I can end the process, but immediately another process
>begins with a different odd looking name (ijaqabyvzvh.exe). I have seen about
>10-12 diferent names used and some duplicates.
>I can open Windows Explorer, go to the windows/system32 folder and see the
>file name listed before stopping the process. I cannot delete the file
>because it is in use. If I stop the process in task manager, the file leaves
>the windows/system32 folder and the new filename appears as the new process
>begins in task manager.
>Some process must be running that is not only starting but creating these
>odd named "exe' files, but I can't determine what it is. I am running the
>Spybot Search & Destroy feature that alerts you when a task is trying to
>change the registry. The alerts from Spybot Search & Destroy is how I
>discovered these programs where running.
>I have run virus scan on the drive with no problems found. I have run both
>Spybot Search & Destroy and Ad-Aware and the processes continue.
>Any help?

When you ran these programs did you disable system restore and then re enable it after reboot? Sometime these files are
placed in system restore and they cannot be deleted unless system restore is turned off. Hope this helps.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Hi

Please try the following programs as well:

Ad-Aware - www.lavasoftusa.com
Spybot - http://www.safer-networking.org/
CWShredder - http://forum.aumha.org/downloads/cwshredder.zip
Spy Sweeper - www.webroot.com

Try SpyWareBlaster to stop intrusions:

http://www.javacoolsoftware.com/spywareblaster.html

Also see the following links:

http://aumha.org/a/parasite.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.microsoft.com/security/articles/spyware.asp

--

Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups


"walker_wd" <walker_wd@discussions.microsoft.com> wrote in message
news:3CB57D27-CD98-4BB0-8709-D034FEA46F1E@microsoft.com...
>I have found that I have a process running that tries to add itself to the
> registry. I'm not sure what is starting the process but I cannot stop it.
> I can go to the task manager and the process will be listed with a
> filename
> like 'lzwmqmi.exe'. I can end the process, but immediately another process
> begins with a different odd looking name (ijaqabyvzvh.exe). I have seen
> about
> 10-12 diferent names used and some duplicates.
> I can open Windows Explorer, go to the windows/system32 folder and see the
> file name listed before stopping the process. I cannot delete the file
> because it is in use. If I stop the process in task manager, the file
> leaves
> the windows/system32 folder and the new filename appears as the new
> process
> begins in task manager.
> Some process must be running that is not only starting but creating these
> odd named "exe' files, but I can't determine what it is. I am running the
> Spybot Search & Destroy feature that alerts you when a task is trying to
> change the registry. The alerts from Spybot Search & Destroy is how I
> discovered these programs where running.
> I have run virus scan on the drive with no problems found. I have run both
> Spybot Search & Destroy and Ad-Aware and the processes continue.
> Any help?

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Oops - sorry:

Please try the following programs as well:

CWShredder - http://forum.aumha.org/downloads/cwshredder.zip
Spy Sweeper - www.webroot.com

Try SpyWareBlaster to stop intrusions:

http://www.javacoolsoftware.com/spywareblaster.html

Also see the following links:

http://aumha.org/a/parasite.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.microsoft.com/security/articles/spyware.asp


--

Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups


"walker_wd" <walker_wd@discussions.microsoft.com> wrote in message
news:3CB57D27-CD98-4BB0-8709-D034FEA46F1E@microsoft.com...
>I have found that I have a process running that tries to add itself to the
> registry. I'm not sure what is starting the process but I cannot stop it.
> I can go to the task manager and the process will be listed with a
> filename
> like 'lzwmqmi.exe'. I can end the process, but immediately another process
> begins with a different odd looking name (ijaqabyvzvh.exe). I have seen
> about
> 10-12 diferent names used and some duplicates.
> I can open Windows Explorer, go to the windows/system32 folder and see the
> file name listed before stopping the process. I cannot delete the file
> because it is in use. If I stop the process in task manager, the file
> leaves
> the windows/system32 folder and the new filename appears as the new
> process
> begins in task manager.
> Some process must be running that is not only starting but creating these
> odd named "exe' files, but I can't determine what it is. I am running the
> Spybot Search & Destroy feature that alerts you when a task is trying to
> change the registry. The alerts from Spybot Search & Destroy is how I
> discovered these programs where running.
> I have run virus scan on the drive with no problems found. I have run both
> Spybot Search & Destroy and Ad-Aware and the processes continue.
> Any help?

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I have system restore disabled...

"Abe Coates" <acoates at sasktel dot net> wrote in message
news:jmbn71tmet3i9057s00sn5hfecn9f060lr@4ax.com...
> On Fri, 6 May 2005 06:00:02 -0700, walker_wd
> <walker_wd@discussions.microsoft.com> wrote:
>
>>I have found that I have a process running that tries to add itself to the
>>registry. I'm not sure what is starting the process but I cannot stop it.
>>I can go to the task manager and the process will be listed with a
>>filename
>>like 'lzwmqmi.exe'. I can end the process, but immediately another process
>>begins with a different odd looking name (ijaqabyvzvh.exe). I have seen
>>about
>>10-12 diferent names used and some duplicates.
>>I can open Windows Explorer, go to the windows/system32 folder and see the
>>file name listed before stopping the process. I cannot delete the file
>>because it is in use. If I stop the process in task manager, the file
>>leaves
>>the windows/system32 folder and the new filename appears as the new
>>process
>>begins in task manager.
>>Some process must be running that is not only starting but creating these
>>odd named "exe' files, but I can't determine what it is. I am running the
>>Spybot Search & Destroy feature that alerts you when a task is trying to
>>change the registry. The alerts from Spybot Search & Destroy is how I
>>discovered these programs where running.
>>I have run virus scan on the drive with no problems found. I have run both
>>Spybot Search & Destroy and Ad-Aware and the processes continue.
>>Any help?
>
> When you ran these programs did you disable system restore and then re
> enable it after reboot? Sometime these files are
> placed in system restore and they cannot be deleted unless system restore
> is turned off. Hope this helps.
>